by bdelay
2626 days ago
Two reasons I didn't do that:

1. I believe Harman had a previous device hacked back around 2014 due to a weak shadow hash. My guess was that they learned their lesson and made the password more complex. An easy way to test would be to diff the latest shadow file in the updated Subaru images (assuming they exist) -- if it changed, you may be right; if not, I'd still wager it is strong enough. I don't like the idea of a backdoor like that available, but it is what it is.

2. The QNX6 hashing mechanism, to the best of my knowledge, isn't fully understood. Upstream changes to JTR seem to indicate that it has some form of bug in it or isn't fully reverse-engineered. That, along with having to spend presumably a large amount of time learning about contributing to hashcat & GPU programming, made this seem like a potential dead end without massive time investment.

So, is it possible it is crackable? Almost certainly, but I'm one guy doing this and you have to spend your time carefully in these ventures.
Given the rest of the work and your first point, it does seem like yours is the smart choice in this case. I was just surprised you didn't try bruteforcing via ssh at first.
Thanks for the awesome article by the way! My Mazda got totalled last month, and I got a new 2019 Honda Fit I haven't gotten around to messing with yet. This gives some great ideas for how to proceed.